The buzz about Bitcoin has moved from online circles to mainstream media sources. Last week’s news of the collapse of exchange Mt. Gox got more play than in just the business section. Everyone seems to be interested in the digital, anonymous, and stateless currency. Governments have made pronouncements, law enforcement has investigated its use in money laundering, and legitimate businesses such as retailers and restaurants have begun to accept Bitcoin for payments. In recent McAfee Labs Threats Reports, we have offered timelines that showed the volatility in Bitcoin valuation. The timeline continues here for the most recent quarter, which saw the currency jump from US$136 in value to $1,242 before finishing the quarter at $820, a sixfold increase for the period. For more on cybercrime, vulnerabilities, and malware, see the newly released McAfee Labs Threats Report: Fourth Quarter 2013.

• October 29: The world’s first Bitcoin ATM opens in Vancouver, Canada. It dispenses Canadian cash in exchange for the anonymous cryptocurrency through a palm-scan security system.[3]

• November 6: Silk Road 2.0 market comes online. Apparently administered by “Dread Pirate Roberts,” the same pseudonym adopted by the previous owner and manager of the Silk Road, allegedly the 29-year-old Ross Ulbricht, who was arrested by the FBI in San Francisco on October 2.[4]

• November 8: Australia developer “Trade Fortress” alleges $1 million worth of Bitcoin was stolen from his virtual wallet.[5]

• November 11: The Czech Republic Bitcoin exchange platform Bitcash.cz is hacked; money from 4,000 Bitcoin wallets is stolen at a value of more than 2 million Czech Koruna ($100,000).[6]

• November 14: The New York Department of Financial Services announces it will hold hearings in the coming months to discuss regulating Bitcoin.[7]

• November 19: Gaming company E-Sports Entertainment Association (ESEA) is hit with a $1 million fine after it was discovered to have secretly used its customers computers to mine Bitcoins.[9]

• November 22: After launching DDoS attacks on preceding days, cybercriminals break into the Danish BIPs—Bitcoin payment processor servers—and wipe out about BTC 1,295 from more than 22,000 customers’ wallets.[10]

• November 29: 1 Bitcoin reaches a record high, valued at $1,242 by exchange Mt. Gox.[11]

• December 4: Security researchers at Trustwave’s SpiderLabs find a Pony Botnet Controller Server in the Netherlands with almost two million usernames and passwords, stolen by cybercriminals from users of Facebook, Twitter, Google, Yahoo, and other websites.[12] Some cybercriminals offer access to the data in exchange for BTC 0.05. (Some observers claim the dump displayed to attract possible buyers is not real.)

• December 4: Lamborghini Newport Beach (California) announces it is ready to accept Bitcoins as payment for vehicles.[13] Using the BitPay platform, the company says it recently sold a Tesla Model S Performance listed at $118,888.

• December 7: The value of Bitcoin drops by $300 after China’s central bank, the People’s Bank of China, and five government ministries say they do not consider Bitcoin as a real currency.[14]

• December 19: SealsWithClubs, an online poker room that deals only in Bitcoin, says its customer database was hacked. The day before, 42,000 hashes were posted to a user forum.[15]

Following the coins

Black market websites for stolen data (date of birth, social security number, address, and credit card number, etc.) are numerous on the Internet. They come and go for a variety of reasons, including avoiding law enforcement attempts to shut them down and arrest the principals.

To attract new buyers, these sites advertise via spam emails. By multiplying the number of sites online, the crooks multiply their profits. And by accepting digital currencies such as Bitcoin, these crooks can also rip off novice criminals. When a sufficient number of buyers purchase stolen credit card data, a site will disappear. Because digital currencies are exchanged irreversibly and almost anonymously, the money stays in the site owner’s hands. Even for criminals, the buyer must beware.

Using Bitcoin is not fully anonymous. A criminal can publicly link his name to a wallet address; that error can be dangerous. For this reason some cybercriminals have jumped to other types of virtual money, including Zerocoin.[16]

Successfully following the money trail requires an in-depth investigation. Dorit Ron and Adi Shamir of the Weizmann Institute of Science, in Israel, published their research on Bitcoin, Silk Road, and account holder Dread Pirate Roberts in November.[17] They traced the evolution of DPR’s holdings after the address of the FBI Bitcoin wallet used to seize some Silk Road assets on October 1 was published.